Shawn McCarthy, Research Director at IDC Government, recently penned an insightful blog on IoT. Titled “Beyond the Internet of Things: How Convergence Can Help Governments Support Their Rising Tide of New Devices,” the blog notes that with more devices producing more data, government agencies have been working to add more storage, security, network bandwidth, and systems management tools. David Bray, the innovative, young Chief Information Officer at the Federal Communications Commission, has noted this exponential change. In a recent interview, Bray estimated that we will grow from the current 7 billion networked devices to upwards of 50 billion by 2020. Deloitte suggests that by 2020 the IoT will be powered by a trillion sensors, and Cisco Systems’ research puts the economic impact in 2020 at more than $14 trillion. In order to take advantage of their mountain of new data, and the associated range of new applications, agencies will have to merge parts of their existing infrastructure. That converged infrastructure can take two forms: merging data centers themselves, or consolidating components within a single optimized computing package. Converging IT infrastructure is the first step in the roadmap to capitalizing on the benefits of the Internet of Everything (IoE). Bray goes even further, arguing that we will need to shift from searching for data to having relevant data find us, including developing machines that learn our preferences for data as well as when to deliver that data in the form most useful to our work. McCarthy also reviews the disruptive, but hopefully positive, effects of IoT on citizen services, government reaction times, and employees.

As a result of Cisco’s acquisition last May, ThreatGRID is now part of the Cisco Advanced Malware Protection (AMP) portfolio as AMP Threat Grid. The acquisition expands Cisco AMP’s dynamic analysis and threat intelligence capabilities, both on-premises and in the cloud. AMP Threat Grid extends Cisco AMP with greater visibility, context, and control over sophisticated threats, so security analysts and incident response teams can augment their forensic analysis to detect and stop evasive attacks faster.

AMP Threat Grid is not simply another dynamic analysis platform or sandbox. While the solution does use various dynamic analysis techniques and ‘sandboxing’ to produce content, it also acts as a content engine so that you can more quickly and easily extract insights from the data. AMP Threat Grid treats all of its analysis output as content and makes it available to the user via a portal or an API. It also does not stop at a single analysis technique: it applies multiple dynamic and static analysis engines to each submitted sample and to every disk, network, and memory artifact the sample produces, in order to generate as rich a source of data as possible.

Security is a primary concern for many organizations making the transition to cloud. In the blog “Taking a Hybrid Cloud Approach to Security,” cloud provider Presidio shares how building a hybrid cloud lets you maximize security and flexibility at the same time.

Security in this instance can be thought of in terms of risk. For example, sensitive data and mission-critical applications need a higher level of security than a devops test environment. The challenge for organizations is to accurately assess their risk and align their security strategy with their business objectives. Threats can come from outside – and inside – an organization. The best response to threats goes beyond just the technology underlying your data center and that of your cloud provider.

The truth is, your organization is unique. This means your security strategy is going to be unique as well. The foundation of a solid, comprehensive strategy is, of course, an enterprise-class architecture with end-to-end security. To be complete, however, security policies must be in place that meet the specific security needs of your organization and the regulations of your industry.

The architecture must also be supported by procedures that enable the members of your organization to comply with these security policies easily. These procedures must be effective while not getting in the way of the workflows or corporate culture already in place.

Developing – and successfully implementing – such a security strategy can be extremely complex. For organizations new to cloud, especially hybrid clouds, understanding the nuances of comprehensive security may be outside their expertise. This is why an experienced cloud provider is crucial to any secure hybrid cloud deployment. One size does not fit all, nor are all clouds created equal. The right cloud provider can be a powerful partner in maximizing your ability to benefit from a hybrid cloud.

How can you find the right partner? Ask how much they can do for you, not just what they offer every customer. What can they bring to the table in terms of experience with your industry? Can they help assess your requirements and risks? Do they offer security beyond the commodity cloud offerings so common in the market?

A hybrid approach to cloud has much to offer organizations of all sizes. And when deployed with the right partners, you can have confidence in the security of your data and applications.

OpenSOC, an open source security analytics framework, helps organizations make big data part of their technical security strategy by providing a platform for applying anomaly detection and incident forensics to the data loss problem. By integrating open source big data components such as Hadoop, Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform that enables security analysts to rapidly detect and respond to advanced security threats.

A few months ago we were really excited to bring OpenSOC to the open source community. Developing OpenSOC has been a challenging, yet rewarding experience. Our small team pushed the limits of what is possible to do with big data technologies and put a strong foundational framework together that the community can add to and enhance. With OpenSOC we strive to provide an open alternative to proprietary and often expensive analytics tools and do so at the scale of big data.
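The enrichment, aggregation, and detection stages described above are what a stream-processing topology in such a framework does to each telemetry record. The following is an added toy example, not OpenSOC code: it runs the three stages in plain Python over constructed netflow-style records, standing in for what a Kafka topic would feed into Storm bolts before the results are indexed for search. The field names, the asset inventory, the indicator list, and the per-role byte baseline are all assumptions made up for the example.

```python
"""Toy OpenSOC-style stage chain: enrich each telemetry record, aggregate
per host, then run detection. Every record and lookup table below is
constructed for the example; nothing here is OpenSOC's own code."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow telemetry (what a Kafka topic might deliver to a Storm bolt).
FLOWS = [
    {"ts": 1, "src": "10.0.1.15", "dst": "203.0.113.44", "dport": 443, "bytes": 900},
    {"ts": 2, "src": "10.0.1.15", "dst": "203.0.113.44", "dport": 443, "bytes": 1100},
    {"ts": 3, "src": "10.0.1.20", "dst": "198.51.100.9", "dport": 443, "bytes": 4_800_000},
    {"ts": 4, "src": "10.0.1.30", "dst": "198.51.100.10", "dport": 80, "bytes": 2_000},
    {"ts": 5, "src": "198.51.100.10", "dst": "10.0.1.30", "dport": 51000, "bytes": 9_000},
]

# Constructed enrichment sources: an asset inventory and a threat-intel indicator list.
ASSETS = {
    "10.0.1.15": {"owner": "finance", "role": "workstation"},
    "10.0.1.20": {"owner": "hr", "role": "workstation"},
}
THREAT_INTEL = {"203.0.113.44": "constructed-c2-list"}

# Assumed per-role outbound byte baseline for one aggregation window.
BASELINE_BYTES = {"workstation": 200_000, "unknown": 200_000}
UNKNOWN_ASSET = {"owner": "unknown", "role": "unknown"}


def enrich(flow):
    """Enrichment stage: add direction, asset context and intel tags to one record."""
    src_internal = ip_address(flow["src"]) in INTERNAL
    dst_internal = ip_address(flow["dst"]) in INTERNAL
    out = dict(flow)
    if src_internal and not dst_internal:
        out["direction"] = "outbound"
    elif dst_internal and not src_internal:
        out["direction"] = "inbound"
    else:
        out["direction"] = "internal"
    local_host = flow["src"] if src_internal else flow["dst"]
    out["asset"] = ASSETS.get(local_host, UNKNOWN_ASSET)
    out["intel"] = THREAT_INTEL.get(flow["dst"]) or THREAT_INTEL.get(flow["src"])
    return out


def aggregate(enriched):
    """Aggregation stage: outbound bytes and distinct external destinations per internal host."""
    stats = defaultdict(lambda: {"out_bytes": 0, "dsts": set()})
    for f in enriched:
        if f["direction"] == "outbound":
            stats[f["src"]]["out_bytes"] += f["bytes"]
            stats[f["src"]]["dsts"].add(f["dst"])
    return stats


def detect(enriched, factor=10):
    """Detection stage: one alert per (host, indicator) intel match, plus an
    outbound-volume anomaly when a host exceeds factor x its role baseline."""
    alerts, seen = [], set()
    for f in enriched:
        if not f["intel"]:
            continue
        host = f["src"] if f["direction"] == "outbound" else f["dst"]
        if (host, f["intel"]) not in seen:
            seen.add((host, f["intel"]))
            alerts.append({"rule": "intel-match", "host": host, "indicator": f["intel"]})
    for host, s in aggregate(enriched).items():
        role = ASSETS.get(host, UNKNOWN_ASSET)["role"]
        if s["out_bytes"] > factor * BASELINE_BYTES[role]:
            alerts.append({"rule": "outbound-volume", "host": host, "bytes": s["out_bytes"]})
    return alerts


def run(flows=FLOWS):
    """Run the whole chain over a batch of raw records and return the alerts."""
    return detect([enrich(f) for f in flows])


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The point of the ordering is that detection never sees a raw record: the intel match needs the direction to decide which side is the victim host, and the volume rule needs the asset role to pick a baseline, so both depend on enrichment having run first and on the aggregation window being complete.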

Adversaries are committed to continually refining or developing new techniques to conceal malicious activity, to decrease their reliance on techniques that may be more detectable, and to become more efficient and effective in their attacks. Below are just three examples, explored in detail in the newly released Cisco 2015 Annual Security Report, of how malicious actors met these goals in 2014. These trends were observed by the Cisco Talos Security Intelligence and Research Group throughout last year and analyzed by the team using a global set of telemetry data:

Use of malvertising to deliver exploit kits more efficiently: Talos observed three exploit kits in the wild more often than any others in 2014: Angler, Goon, and Sweet Orange. Their popularity is most likely due to their technical sophistication, in particular their ability to evade detection and remain effective. The Sweet Orange kit, for example, is very dynamic; its components are always changing. Adversaries who use Sweet Orange often rely on malvertising to redirect users (often through more than one hop) to websites, including legitimate websites, that host the exploit kit.

Increase in Silverlight exploitation: As we reported in both the Cisco 2014 Midyear Security Report and the Cisco 2015 Annual Security Report, the number of exploit kits able to exploit vulnerabilities in Microsoft Silverlight is growing. While still very low in number compared to more established vectors like Flash, PDF, and Java, Silverlight attacks are on the rise. This is another example of adversaries exploring new avenues for compromise in order to remain efficient and effective in launching their attacks. The Angler and Goon exploit kits both include Silverlight exploits. Fiesta, which our team reported on last year, is another known exploit kit that delivers malware through Silverlight. Because Silverlight is a browser plugin, this vector only reaches users who have the plugin installed and enabled, so inventorying and removing it where it is not needed closes the exposure.

The rise of “snowshoe spam”: Phishing remains an essential tool for adversaries to deliver malware and steal users’ credentials. These actors understand that it is more efficient to exploit users at the browser and email level than to spend the time and effort to compromise servers. To keep their spam campaigns effective, Talos observed spammers turning to a new tactic last year: snowshoe spam. Unsolicited bulk email is sent from a large number of IP addresses at a low message volume per address, so that reputation and rate-based filters that key on volume per sending IP never see any single source cross a threshold, helping the spam reach its intended audience. There is also evidence that adversaries rely on compromised users’ machines to supply the many sending addresses a snowshoe campaign needs. Snowshoe spam contributed to a 250 percent increase in overall spam volume in 2014.
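The reason snowshoe spam slips past per-IP volume rules is easier to see on data. The following is an added example, not code from Talos or the report: it runs a classic per-source-IP threshold and a campaign-level rule (group by sending domain and message template, then count distinct IPs and distinct /24 networks) over a constructed MTA log excerpt. The log format, the threshold values, the sender domains, and the template hashes are all assumptions made up for the example; the addresses come from the RFC 5737 documentation ranges.

```python
"""Snowshoe spam: a per-IP volume rule versus campaign-level aggregation
across many quiet IPs. The log excerpt and its key=value format are
constructed for this example; they are not a real MTA's output."""
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed MTA log. tmpl is a hash of the message template (subject/body skeleton).
# Eight IPs in two /24s each send two copies of one template; one bulk sender
# sends five copies of another template from a single IP.
RAW_LOG = """\
2014-09-03T08:00:01 ip=198.51.100.11 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:02 ip=198.51.100.12 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:03 ip=198.51.100.13 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:04 ip=198.51.100.14 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:05 ip=203.0.113.21 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:06 ip=203.0.113.22 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:07 ip=203.0.113.23 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:00:08 ip=203.0.113.24 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:01 ip=198.51.100.11 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:02 ip=198.51.100.12 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:03 ip=198.51.100.13 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:04 ip=198.51.100.14 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:05 ip=203.0.113.21 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:06 ip=203.0.113.22 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:07 ip=203.0.113.23 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:05:08 ip=203.0.113.24 from=deal-alerts.test tmpl=c0ffee01
2014-09-03T08:10:01 ip=192.0.2.5 from=newsletter.example tmpl=5eed0042
2014-09-03T08:10:02 ip=192.0.2.5 from=newsletter.example tmpl=5eed0042
2014-09-03T08:10:03 ip=192.0.2.5 from=newsletter.example tmpl=5eed0042
2014-09-03T08:10:04 ip=192.0.2.5 from=newsletter.example tmpl=5eed0042
2014-09-03T08:10:05 ip=192.0.2.5 from=newsletter.example tmpl=5eed0042
"""


def parse_log(text):
    """Parse the constructed 'ts key=value ...' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": ts}
        rec.update(f.split("=", 1) for f in fields)
        records.append(rec)
    return records


def volume_alerts(records, threshold=4):
    """Classic reputation rule: flag any source IP sending >= threshold messages.
    Catches the single bulk sender; every snowshoe IP stays under the line."""
    counts = Counter(r["ip"] for r in records)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def campaign_alerts(records, min_ips=5, min_nets=2):
    """Snowshoe rule: key on (sender domain, template hash) and flag campaigns
    spread across many IPs in several /24s even though each IP is quiet."""
    by_campaign = defaultdict(list)
    for r in records:
        by_campaign[(r["from"], r["tmpl"])].append(r["ip"])
    alerts = {}
    for key, ips in by_campaign.items():
        distinct = set(ips)
        nets = {ip_network(ip + "/24", strict=False) for ip in distinct}
        if len(distinct) >= min_ips and len(nets) >= min_nets:
            alerts[key] = {
                "ips": len(distinct),
                "nets": len(nets),
                "messages": len(ips),
                "max_per_ip": max(Counter(ips).values()),
            }
    return alerts


if __name__ == "__main__":
    recs = parse_log(RAW_LOG)
    print("per-IP volume alerts:", volume_alerts(recs))
    for key, info in campaign_alerts(recs).items():
        print("snowshoe campaign:", key, info)
```

Run as is, the per-IP rule flags only the single bulk sender, while the campaign rule flags the snowshoe campaign whose busiest IP sent just two messages. In production the template hash would come from a content fingerprint and the grouping key would usually add the sending domain's DNS or WHOIS attributes, but the shape of the rule is the same: aggregate on something the spammer cannot spread across addresses.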

These are only a few of the threat intelligence findings presented in the Cisco 2015 Annual Security Report. We encourage you to read the whole report, and also to stay apprised of security trends throughout the year by following our reports on the Cisco Security blog. Talos is committed to ongoing coverage of security threats and trends. In fact, in the Cisco 2015 Annual Security Report you’ll find links to several posts that our researchers published throughout 2014 and that helped shape and inform the report’s threat intelligence coverage.
